rkt prepare

rkt can prepare images to run in a pod. This means it will fetch (if necessary) the images, extract them in its internal tree store, and allocate a pod UUID. If overlay fs is not supported or disabled, it will also copy the tree in the pod rootfs.

Support for overlay fs will be auto-detected if --no-overlay is set to false. If an unsupported filesystem is detected, rkt will print a warning message and continue preparing the pod by falling back in non-overlay mode as described above:

# rkt prepare --insecure-options=image docker://busybox --exec=/bin/sh
image: using image from local store for image name coreos.com/rkt/stage1-coreos:1.29.0
image: remote fetching from URL "docker://busybox"
Downloading sha256:8ddc19f1652 [===============================] 668 KB / 668 KB
prepare: disabling overlay support: "unsupported filesystem: missing d_type support"

The following conditions can lead to non-overlay mode:

The data directory (usually /var/lib/rkt) is on ... - an AUFS filesystem - a ZFS filesystem - a XFS filesystem having ftype=0 - a file system where the d_type field is set to DT_UNKNOWN, see getdents(2)

In this way, the pod is ready to be launched immediately by the run-prepared command.

Running rkt prepare + rkt run-prepared is semantically equivalent to running rkt run. Therefore, the supported arguments are mostly the same as in run except runtime arguments like --interactive or --mds-register.


# rkt prepare coreos.com/etcd:v2.0.10
rkt prepare coreos.com/etcd:v2.0.10
rkt: using image from local store for image name coreos.com/rkt/stage1-coreos:1.29.0
rkt: searching for app image coreos.com/etcd:v2.0.10
rkt: remote fetching from url https://github.com/coreos/etcd/releases/download/v2.0.10/etcd-v2.0.10-linux-amd64.aci
prefix: "coreos.com/etcd"
key: "https://coreos.com/dist/pubkeys/aci-pubkeys.gpg"
gpg key fingerprint is: 8B86 DE38 890D DB72 9186  7B02 5210 BD88 8818 2190
    CoreOS ACI Builder <release@coreos.com>
Key "https://coreos.com/dist/pubkeys/aci-pubkeys.gpg" already in the keystore
Downloading signature from https://github.com/coreos/etcd/releases/download/v2.0.10/etcd-v2.0.10-linux-amd64.aci.asc
Downloading signature: [=======================================] 819 B/819 B
Downloading ACI: [=============================================] 3.79 MB/3.79 MB
rkt: signature verified:
  CoreOS ACI Builder <release@coreos.com>


Flag Default Options Description
--user-annotation none annotation add to the app's UserAnnotations field Set the app's annotations (example: '--annotation=foo=bar').
--caps-remove none capability to remove (example: '--caps-remove=CAP_SYS_CHROOT,CAP_MKNOD') Capabilities to remove from the process's capabilities bounding set, all others from the default set will be included
--caps-retain none capability to retain (example: '--caps-remove=CAP_SYS_ADMIN,CAP_NET_ADMIN') Capabilities to retain in the process's capabilities bounding set, all others will be removed
--environment none environment variables add to the app's environment variables Set the app's environment variables (example: '--environment=foo=bar').
--exec none Path to executable Override the exec command for the preceding image.
--group root gid, groupname or file path Group override for the preceding image (example: '--group=group')
--inherit-env false true or false Inherit all environment variables not set by apps.
--user-label none label add to the apps' UserLabels field Set the app's labels (example: '--label=foo=bar').
--mount none Mount syntax (ex. --mount volume=NAME,target=PATH) Mount point binding a volume to a path within an app. See Mounting Volumes without Mount Points.
--name none Name of the app Set the name of the app (example: '--name=foo'). If not set, then the app name default to the image's name
--no-overlay false true or false Disable the overlay filesystem.
--pull-policy new never, new, or update Sets the policy for when to fetch an image. See image fetching behavior
--pod-manifest none A path The path to the pod manifest. If it's non-empty, then only --net, --no-overlay and --interactive will have effect.
--port none A port name and number pair Container port name to expose through host port number. Requires contained network. Syntax: --port=NAME:HOSTPORT The NAME is that given in the ACI. By convention, Docker containers' EXPOSEd ports are given a name formed from the port number, a hyphen, and the protocol, e.g., 80-tcp, giving something like --port=80-tcp:8080
--private-users false true or false Run within user namespaces
--quiet false true or false Suppress superfluous output on stdout, print only the UUID on success
--set-env `` An environment variable. Syntax NAME=VALUE An environment variable to set for apps
--set-env-file `` Path of an environment variables file Environment variables to set for apps
--signature `` A file path Local signature file to use in validating the preceding image
--stage1-url `` A URL to a stage1 image. HTTP/HTTPS/File/Docker URLs are supported Image to use as stage1
--stage1-path `` A path to a stage1 image. Absolute and relative paths are supported Image to use as stage1
--stage1-name `` A name of a stage1 image. Will perform a discovery if the image is not in the store Image to use as stage1
--stage1-hash `` A hash of a stage1 image. The image must exist in the store Image to use as stage1
--stage1-from-dir `` A stage1 image file inside the default stage1 images directory Image to use as stage1
--user none uid, username or file path user override for the preceding image (example: '--user=user')
--volume `` Volume syntax (NAME,kind=KIND,source=PATH,readOnly=BOOL,recursive=BOOL). See Mount Volumes into a Pod Volumes to make available in the pod

Global options

See the table with global options in general commands documentation.